![[Top]](../images/home.jpg)
![[Contents]](../images/contents.jpg)
![[Next]](../images/next.jpg)
![[Last]](../images/index.jpg)
![[Search]](../images/search.jpg)
- Ascend Customer Service
Chapter 1 Introduction
- What is in this guide
- What you should know
- Related publications
- MAX TNT documentation set
- Related RFCs
- Information about PPP connections
- Information about IP routing
- Information about OSPF routing
- Information about multicast
- Information about virtual private networks
- Information about IPX routing
- Information about packet filtering
- Information about general network security
- Information about external authentication
- ITU-T recommendations
- Related books
- Documentation conventions
Chapter 2 WAN Connections
- Introduction to WAN connections
- Types of encapsulation protocols
- Answering and authenticating dial-in calls
- How the system initiates dial-out calls
- Establishing and monitoring sessions
- Spanning cards and shelves for multichannel calls
- Local profiles
- Answer-Defaults profile
- Default settings
- Requiring authentication for PPP calls
- V.120 settings
- Terminal-Server profile
- Connection profiles
- Required settings
- Telco settings for nailed connections
- Session time limits
- Session accounting options
- Routing and security settings
- External authentication servers
- Using RADIUS
- Using TACACS or TACACS+
- Configuring PPP connections
- Password authentication
- Link compression methods
- Link Quality Monitoring
- Example of a synchronous PPP connection
- Example of an asynchronous PPP connection
- Configuring MP connections
- Setting the base channel count
- Example of an MP connection
- Configuring MP+ connections
- How the MAX TNT adds bandwidth
- Monitoring bandwidth usage
- Specifying bandwidth increments
- Specifying the utilization rate that forces a request for bandwidth
- Specifying how long the utilization rate should persist
- ALU spikes
- Telco charges
- Example of an MP+ configuration
- Example of a nailed MP+ connection
- Configuring TCP-Clear connections
- Required settings
- Performance enhancements for TCP-Clear calls
- Parameters for setting up packet buffering
- Defining an End-of-Packet pattern
- Example of a TCP-Clear configuration with packet buffering
- Enabling modem dial-out connections
- Password-protecting modem dialout access
- Global password protection
- User-level password protection
- Example of enabling direct-access with global password
- Example of enabling direct-access with user password
Chapter 3 Frame Relay
- Using the MAX TNT as a Frame Relay concentrator
- Configuring a physical link for a Frame Relay interface
- Configuring the Frame Relay data link
- Link types
- Specifying the physical link to use
- DTE configuration for connecting to a DCE switch
- DCE configuration for connecting to DTE equipment
- NNI configuration for Frame Relay switching
- Configuring Frame Relay gateway connections
- Gateway connection parameters
- Example of a gateway connection
- Configuring Frame Relay Switching
- Frame Relay circuit parameters
- Example of a circuit between UNI interfaces
- Example of a circuit between NNI interfaces
- Configuring Frame Relay Direct connections
- Frame Relay Direct parameters
- Example of two Frame Relay Direct connections
Chapter 4 IP Routing
- IP routing configuration overview
- IP diagnostic commands
- Displaying the routing and interface tables
- Performing a DNS lookup
- Pinging a host
- Displaying route statistics
- Using Ascend notation for IP addresses
- Configuring the IP router
- Accessing the IP-Global profile
- Specifying a system address
- Setting an interface-independent IP address
- Providing access to DNS
- Specifying domain names for name lookups
- Specifying which name servers are accessible
- Supporting DNS list
- Setting up a local DNS table
- Host name matching
- Defining the local table
- Using the Auto-Update feature
- Configuring address pools for dynamic assignment to dial-in hosts
- Enabling the system to assign addresses
- Requiring acceptance of the pool address
- Pool names (TACACS+)
- What is pool summary?
- Setting up address pools (no pool summary)
- Setting up summarized address pools (pool summary)
- Enabling incoming calls to share profiles
- Configuring Telnet access to the system
- Configuring system-level routing policies and preferences
- RIP-v1 issues
- Handling ICMP redirects and directed broadcast requests
- Dropping source-routed packets
- Ignoring default routes in updates
- Poisoning routes to force the use of a redundant Ascend unit
- Static and RIP preferences
- Limiting the size of UDP packet queues
- Route caches
- Port caches
- Enabling BOOTP and RARP
- Enabling UDP checksums
- Setting a TCP timeout
- Enabling response to Finger queries
- Using SNTP to set and maintain the MAX TNT system time
- Configuring LAN interfaces
- IP-Interface profile indexes
- Assigning local IP addresses
- Enabling proxy ARP on a LAN interface
- Enabling RIP on a LAN interface
- Configuring WAN interfaces
- Listing the IP subprofile of a Connection profile
- Enabling IP routing for a WAN connection
- Example of a connection to a remote IP router
- Example of a dial-in host requiring a host route
- Example of a dial-in host requiring address assignment
- Example of a numbered-interface connection
- Configuring WAN routing policies and preferences
- Assigning a metric to the connection
- Assigning a preference and down-preference
- Making the connection route private
- Enabling RIP on the connection
- Using client DNS
- Specifying client default gateways
- Specifying IP-Direct connections
- Configuring static IP routes
- OSPF-related settings
- Example of a default route
- Example of a static route
- Assigning a metric and preference to a static route
- Making a static route private
- Making a static route temporarily inactive
- Example of static multipath routes
Chapter 5 OSPF Routing
- Introduction to OSPF
- RIP limitations solved by OSPF
- Distance-vector metrics
- 15-hop limitation
- Excessive routing traffic and slow convergence
- Ascend implementation of OSPF
- OSPF diagnostic commands
- OSPF features
- Security
- Support for variable length subnet masks
- Interior gateway protocol (IGP)
- Exchange of routing information
- Designated and Backup Designated Routers
- Configurable cost metrics
- Hierarchical routing (areas)
- The link-state routing algorithm
- Configuring the OSPF router
- OSPF ASE preferences and handling
- OSPF global option for disabling ASBR calculations
- Configuring LAN and WAN interfaces
- Example of a LAN OSPF interface
- Example of WAN OSPF interfaces
- Example of integrating a RIP-v2 interface
- Example of an NSSA with a Type-7 LSA
- Importing summarized routes to OSPF
- Configuring OSPF information in static routes
- Assigning a cost to a static route
- Specifying a third-party route
Chapter 6 Multicast Forwarding
- Introduction to multicast forwarding
- Enabling multicast forwarding
- Identifying the MBONE interface
- Specifying a timeout for group memberships
- Monitoring the multicast traffic heartbeat
- Enabling heartbeat monitoring
- Specifying which packets to monitor
- Configuring the interface to the multicast router
- Example of a LAN MBONE interface
- Example of a WAN MBONE interface
- Configuring interfaces to multicast clients
- Enabling the MAX TNT to forward multicast traffic
- Specifying a delay for clearing group sessions
- Example of a LAN multicast client interface
- Example of a WAN multicast client interface
Chapter 7 Ascend Tunnel Management Protocol
- Introduction to ATMP
- Network settings for ATMP
- System reset requirement
- System IP address recommendation
- Setting the UDP port
- Specifying tunnel retry limits
- Setting an MTU limit
- How link compression affects the MTU
- How ATMP tunneling causes fragmentation
- Pushing the fragmentation task to connection end-points
- Forcing fragmentation to interoperate with outdated clients
- Configuring ATMP Foreign Agents
- Configuring the Foreign Agent ATMP profile
- Configuring Mobile-Client Connection profiles
- Specifying Home Agent addresses and port numbers
- Specifying the Home Network name
- Example of a Foreign Agent with multiple Mobile Clients
- Configuring the ATMP profile
- Configuring connections to the Home Agents
- Configuring a Mobile-Client connection to the Gateway Home Agent
- Configuring a Mobile-Client connection to the Router Home Agent
- Example of a Foreign Agent that tunnels to a GRF switch
- Configuring ATMP Home Agents
- Configuring the Home Agent ATMP profile
- Specifying a Gateway or Router Home Agent
- Specifying a Home Agent password
- Setting an idle timer for unused tunnels
- Configuring a gateway connection to the Home Network
- Example of a Gateway Home Agent configuration
- Home Router requirements
- Setting the system IP address
- Configuring the ATMP profile
- Configuring a Gateway-Profile to the Home Network
- Example of a Mobile-Client connection to this Home Agent
- Example of a Router Home Agent configuration
- Setting the system IP address
- Configuring the IP-Interface profile
- Configuring the ATMP profile
- Example of a Mobile-Client connection to this Home Agent
- Configuring a connection to the Foreign Agent
- Configuring an ATMP Home-and-Foreign-Agent
- Configuring the ATMP profile
- Example of a Home-and-Foreign-Agent configuration
- Setting the system IP address
- Configuring the ATMP profile for Home and Foreign Agent
- Configuring a Mobile-Client Connection profile
- Another example of a Home-and-Foreign-Agent configuration
- Setting the system IP address
- Configuring the ATMP profile for Home and Foreign Agent
- Configuring a Connection profile for Mobile-Client-3
Chapter 8 IPX Routing
- IPX routing on the WAN
- How Ascend units use IPX SAP
- How Ascend units use IPX RIP
- How IPX RIP works
- The IPX RIP default route
- Support for IPXWAN negotiation
- Extensions to standard IPX
- Recommendations for NetWare client software
- Configuring the IPX router
- Enabling IPX routing mode
- Defining a virtual IPX network for dial-in clients
- Example of an IPX-Global configuration
- Configuring IPX LAN interfaces
- Enabling IPX routing and spoofing on the interface
- Assigning an IPX network number
- Propagating IPX type 20 packets on a LAN interface
- Applying a SAP filter to the LAN interface
- Example of an IPX-Interface configuration
- Configuring IPX WAN interfaces
- Enabling IPX routing on a WAN interface
- Specifying whether the remote device is a router or dial-in client
- Controlling RIP and SAP updates to and from the remote router
- When to use net-number and net-alias
- Applying a SAP filter to a WAN interface
- Using dial-query
- Home server proxy
- Using IPX header compression
- Example of a connection between two Novell LANs
- Example of a connection to a dial-in client
- Example of enabling home-server proxy
- Configuring IPX static routes
- Identifying the target
- Specifying how to get to the server's network
- Activating the route
- Example of a static IPX route
- Defining and applying IPX SAP filters
- Example of filtering out a file server
- Example of filtering all remote services
- Example of applying an IPX SAP filter to a LAN interface
- Example of applying an IPX SAP filter to a WAN interface
Chapter 9 Ascend Packet Filters
- Filter overview
- Basic types of filters
- What filters are for
- Data filters for dropping or forwarding certain packets
- Call filters for managing connections
- Route filters for managing RIP updates
- How filters work
- Generic filters
- IP filters
- IPX filters
- Route filters
- Introduction to Filter profiles
- Defining generic filters
- Generic filter rules
- Specifying the offset to the bytes to be examined
- Specifying the number of bytes to test
- Linking to the next Input-Filter or Output-Filter in sequence
- Type of comparison to perform when matching the packet
- Masking the value before comparison
- The Value to match against the packet contents
- Example of a generic call filter
- Defining IP filters
- IP filter rules
- Filtering on the protocol number field in IP packets
- Filtering by source address
- Filtering by destination address
- Filtering by port numbers
- Filtering only established TCP sessions
- Example of an IP filter to prevent IP address spoofing
- Example of an IP filter for more complex security issues
- Defining IPX filters
- IPX filter rules
- Filtering on source or destination address
- Source or destination socket number and the method of comparison
- Example of an outbound IPX filter
- Example of an inbound IPX filter
- Defining route filters
- Route filter rules
- Source address and address mask
- Route address and mask
- Specifying the action to take
- Example of a filter that excludes a route
- Example of a filter that configures a route's metric
- Applying a filter to an interface
- How the system uses Answer-Defaults profile settings
- How filter persistence affects filters
- Applying a data filter to a WAN or LAN interface
- Applying a call filter to a WAN interface
- Applying a route filter to a WAN or LAN interface
Appendix A Access Security Settings
- Introduction
- What are your options?
- First-tier access security
- Password encryption
- Enhanced security with token cards
- Choosing what type of access security to use
- How the MAX TNT locates a caller's profile
- Using call information
- Considerations
- CLID
- DNIS or called number
- Configuring the MAX TNT to use call information
- Using the CLID information
- Using the called number
- Specifying the CLID in a Connection profile
- Specifying the called number in a Connection profile
- Using callback for added security
- Password-protecting Telnet access
- Password protecting terminal-server connections
- Recommended settings for modem and terminal-adapter calls
- How security mode affects terminal-server authentication
- Specifying terminal-server password settings
- How immediate mode affects terminal-server authentication
- When to use the third prompt
- PPP authentication
- PPP authentication in the Answer-Defaults profile
- PPP authentication in Connection profiles
- PAP authentication
- CHAP authentication
- MS-CHAP authentication
- Token card authentication
- Authenticating dial-in connections by means of tokens
- Configuring the MAX TNT as the NAS
Appendix B Network Security Settings
- Introduction
- Restricting access to the terminal server
- Authorizing terminal-mode access
- Password-protecting the command line
- Restricting network commands
- Authorizing interactive logins from the terminal-server
- Setting Telnet session defaults
- Authorizing PPP sessions from the terminal-server
- Authorizing SLIP sessions from the terminal-server
- Authorizing immediate mode access
- Authorizing menu mode access
- Restricting access to DNS information
- What is client DNS?
- Configuring client DNS servers at the system level
- Setting connection-specific DNS parameters
- Restricting SNMP access
- Overview of SNMP security
- Enabling SNMP in the MAX TNT
- Setting community strings
- Setting up and enforcing address security
- Preventing misuse of directed broadcasts
- Disabling directed broadcasts
- Ignoring ICMP Echo Requests to the broadcast address
Appendix C Secure Access Firewalls
- Introduction to Secure Access Firewalls
- Uploading Firewalls
- Permissions requirements
- Loading the Firewall
- Diagnostic commands
- Applying a Firewall to an interface
- How the Answer-Defaults profile settings are used
- Filter persistence for Firewalls
- Applying a Firewall to a WAN interface
- Applying a Firewall to a LAN interface
techpubs@eng.ascend.com
Copyright © 1998, Ascend Communications, Inc. All rights
reserved.